KR101747144B1 - Method and system for preventing rogue access point - Google Patents

Method and system for preventing rogue access point Download PDF

Info

Publication number
KR101747144B1
KR101747144B1 KR1020160013495A KR20160013495A KR101747144B1 KR 101747144 B1 KR101747144 B1 KR 101747144B1 KR 1020160013495 A KR1020160013495 A KR 1020160013495A KR 20160013495 A KR20160013495 A KR 20160013495A KR 101747144 B1 KR101747144 B1 KR 101747144B1
Authority
KR
South Korea
Prior art keywords
unauthorized
blocking
information
unlicensed
user terminal
Prior art date
Application number
KR1020160013495A
Other languages
Korean (ko)
Inventor
정수환
송왕은
Original Assignee
숭실대학교산학협력단
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 숭실대학교산학협력단 filed Critical 숭실대학교산학협력단
Application granted granted Critical
Publication of KR101747144B1 publication Critical patent/KR101747144B1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/02Access restriction performed under specific conditions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks
    • H04W84/12WLAN [Wireless Local Area Networks]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to an unauthorized AP (Access Point) blocking system, wherein the system includes an unauthorized AP detection sensor for detecting an unauthorized AP in the assigned network and transmitting the detected unauthorized AP information; And a control unit for identifying the unlicensed AP based on information of the unlicensed AP transmitted from the unauthorized AP detection sensor and for detecting a service function of the identified unauthorized AP so that connection between a user terminal connected to the identified unauthorized AP and the unlicensed AP is blocked, And a blocking server for performing an attack to stop the server.

Description

{METHOD AND SYSTEM FOR PREVENTING ROGUE ACCESS POINT}

The present invention relates to an unauthorized AP blocking method and system, and more particularly, to a method and system for blocking an unauthorized AP using a network based on the IEEE 802.11w standard.

Each company and organization is using the Wireless Intrusion Prevention System (WIPS) system to protect their networks. In a conventional IEEE 802.11 WIPS system, a connection between an unauthorized AP and a user terminal connected thereto is blocked by a network sensing of a WIPS sensor, such as MAC address, SSID, BSSID, and channel of a terminal connected to an unauthorized AP And generates and transmits a management frame such as disassociation information and deauthentication information using the unauthorized AP and the MAC address of the user terminal among the collected information to perform a blocking operation do. At this time, the unauthorized AP and the user terminal having received the blocking frame recognize the blocking frame as a normal connection termination request and terminate the connection.

However, the network environment based on the IEEE 802.11w standard method operates to check the integrity of interception frames through MIC (Message Integrity Code). Therefore, if the WIPS sensor can not know the MIC between the unauthorized AP and the user terminal, it can not block the connection between the unauthorized AP and the user terminal.

In addition, when a separate agent (Agent) is installed in the user terminal to acquire the MIC, there arises a problem that the development cost and the maintenance cost are incurred and the price of the WIPS system is increased.

Korean Unexamined Patent Application Publication No. 10-2006-0011000 (published on Mar. 2, 2006)

The present invention is directed to a wireless communication system capable of blocking connection between an unauthorized AP and a user terminal connected thereto through a blocking server without involving an operation of extracting an MIC when the unauthorized AP operates in a network environment based on the IEEE 802.11w standard method And an unauthorized AP blocking method and system.

According to an embodiment of the present invention, an unauthorized access point (AP) blocking system detects an unauthorized AP in an assigned network and transmits information of the detected unauthorized AP, And a control unit for identifying the unlicensed AP based on information of the unlicensed AP transmitted from the unauthorized AP detection sensor and for detecting a service function of the identified unauthorized AP so that connection between a user terminal connected to the identified unauthorized AP and the unlicensed AP is blocked, And a blocking server for performing an attack to stop the network.

An unauthorized AP blocking method, which is performed by an unauthorized AP (Access Point) blocking system according to another embodiment of the present invention, is characterized in that the unauthorized AP detecting sensor detects unauthorized APs in the network assigned to the unauthorized AP detecting sensor, Transmitting information of the unauthorized AP; And the blocking server identifies the unlicensed AP based on the information of the unlicensed AP sent from the unauthorized AP detection sensor, and the unauthorized AP detects that the connection between the unauthorized AP and the user terminal connected to the identified unauthorized AP is blocked, And performing an attack to stop the service function of the service.

According to another exemplary embodiment of the present invention, an unauthorized access point (AP) blocking system includes an unauthorized AP detection sensor, and when the unauthorized AP is detected in the network, Transmits a blocking frame based on an IEEE 802.11 standard scheme for blocking a connection between a user terminal connected to the unauthorized AP and a user terminal connected to the unauthorized AP, and when the connection between the user terminal and the unauthorized AP is not blocked by the blocking frame, Transmits the information of the unauthorized AP to the blocking server and requests a DoS (Denial of Service) attack against the unauthorized AP.

The system according to an embodiment of the present invention may block the unauthorized AP in the IEEE 802.11w network environment without acquiring the MIC by separately providing a blocking server that performs the blocking attack. This is because it is much easier to block between user terminals and unauthorized APs than to install an agent for acquiring MICs in each user terminal in order to acquire an MIC. Since the maintenance cost is relatively low, Intrusion Prevention System) without increasing the price of the system.

1 is a structural diagram showing a structure of an unauthorized AP blocking system according to an embodiment of the present invention.
2 is a conceptual diagram showing an operation principle of an unauthorized AP blocking system according to an embodiment of the present invention.
3 is a flowchart illustrating an unauthorized AP blocking method according to an embodiment of the present invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings, which will be readily apparent to those skilled in the art. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. In order to clearly illustrate the present invention, parts not related to the description are omitted, and similar parts are denoted by like reference characters throughout the specification.

Throughout the specification, when a part is referred to as being "connected" to another part, it includes not only "directly connected" but also "electrically connected" with another part in between . Also, when an element is referred to as "comprising ", it means that it can include other elements as well, without departing from the other elements unless specifically stated otherwise.

In this specification, the term " part " includes a unit realized by hardware, a unit realized by software, and a unit realized by using both. Further, one unit may be implemented using two or more hardware, or two or more units may be implemented by one hardware. On the other hand, 'to' is not limited to software or hardware, and 'to' may be configured to be an addressable storage medium and configured to play one or more processors. Thus, by way of example, 'parts' may refer to components such as software components, object-oriented software components, class components and task components, and processes, functions, , Subroutines, segments of program code, drivers, firmware, microcode, circuitry, data, databases, data structures, tables, arrays, and variables. The functions provided in the components and components may be further combined with a smaller number of components and components or further components and components. In addition, the components and components may be implemented to play back one or more CPUs in a device or a secure multimedia card.

The "user terminal" mentioned below may be implemented as a computer or a portable terminal capable of accessing a server or other terminal through a network. Here, the computer includes, for example, a notebook computer, a desktop computer, a laptop computer, and the like, each of which is equipped with a web browser (WEB Browser), and the portable terminal may be a wireless communication device , Personal Communication System (PCS), Global System for Mobile communications (GSM), Personal Digital Cellular (PDC), Personal Handyphone System (PHS), Personal Digital Assistant (PDA), International Mobile Telecommunication (IMT) Based wireless communication apparatuses such as a W-CDMA (Code Division Multiple Access) -2000, a W-CDMA (W-Code Division Multiple Access), and a Wibro (Wireless Broadband Internet) terminal. The term "network" may also be used in a wired network such as a local area network (LAN), a wide area network (WAN) or a value added network (VAN) And may be implemented in all kinds of wireless networks, such as communication networks.

Hereinafter, the IEEE 802.11 standard scheme refers to a standard technique used in a computer wireless network for a wireless LAN and a wireless local area network (Wi-Fi). IEEE 802.11 is a standard technology developed by the 11th Working Group of the IEEE / LAN / MAN Standards Committee of IEEE (IEEE 802.11), and although the term 802.11 and Wi-Fi are used interchangeably, the Wi-Fi Alliance refers to the term "Wi- 802.11 and Wi-Fi are not synonymous.

IEEE 802.11w refers to a modified version of IEEE 802.11 that improves the security of the Management Frame. Under the existing IEEE 802.11 network, MAC was vulnerable to security because it sent management information in unprotected frames. The IEEE 802.11w standard has been introduced to solve this problem.

An unauthorized AP (Rogue AP) is an unauthorized AP installed in a wired network for the convenience of the user or an AP installed intentionally by an attacker. This is a significant threat, and you should remove the rogue AP as it can break into your internal wired network without going through your company's security policies. If an ad-hoc network is constructed by connecting an AP without careful security by the user's carelessness, it may become more dangerous and cause a waste of network bandwidth by unauthorized persons.

Hereinafter, one embodiment of the present invention will be described in detail with reference to Fig. The system according to one embodiment of the present invention includes an unauthorized AP detection sensor 100, a management server 200, and a shutdown server 300.

The system according to an embodiment of the present invention is characterized by blocking unauthorized APs without grasping MIC (Message Integrity Code) in a network environment based on the IEEE 802.11w standard method. Unauthorized AP (Rogue AP) In the IEEE 802.11w based network environment, the MIC is a means for checking the integrity of the management frame. Therefore, if the MIC is not known even though the management frame is transmitted between the unauthorized AP and the user terminal connected to the unauthorized AP, the integrity authentication fails, and the unauthorized AP and the user terminal can not be intercepted.

However, the system of the embodiment of the present invention does not separately perform acquisition of the MIC when the unauthorized AP detection sensor 100 detects an unauthorized AP. The unauthorized AP detection sensor 100 transmits the unauthorized AP information to the management server 200. When the unauthorized AP is confirmed in the management server 200, the unauthorized AP detection sensor 100 transmits the unauthorized AP information to the blocking server 300, The blocking server 300 can block the connection between the unauthorized AP and the user terminal connected thereto by preventing the unauthorized AP from performing the original function through the DoS (Denial of Service) attack.

That is, the system according to an embodiment of the present invention may block the unauthorized AP in the IEEE 802.11w network environment without acquiring the MIC by separately providing the blocking server 300 that performs the blocking attack. This is because it is much easier to block between user terminals and unauthorized APs than to install an agent for acquiring MICs in each user terminal in order to acquire an MIC. Since the maintenance cost is relatively low, Intrusion Prevention System) without increasing the price of the system.

Hereinafter, the operation of the system according to an embodiment of the present invention will be described in detail with reference to FIG.

First, the unauthorized AP detection sensor 100 detects an unauthorized AP 110 in the network assigned to the unauthorized AP. The unauthorized AP detection sensor 100 may be connected to the management server 200 in a wired manner, but this is merely an example, and may be wirelessly connected.

The unauthorized AP detection sensor 100 collects information of the unauthorized AP 110 when the unauthorized AP 110 is detected. Then, the unauthorized AP detection sensor 100 transmits a blocking frame for blocking the connection between the user terminal 120 connected to the unauthorized AP 110 and the unauthorized AP 110. The blocking frame refers to a management frame, which may be a management frame based on the IEEE 802.11 standard method. In order to generate the blocking frame, the unauthorized AP detection sensor 100 collects information such as the MAC address, the SSIC, the BSSID, and the channel of the unauthorized AP 110 and the user terminal 120 connected thereto. The unauthorized AP detection sensor 100 uses the MAC address of the unauthorized AP 110 and the user terminal 120 in the collected information to transmit a disconnection frame including disassociation information and deauthentication information And transmit the blocking frame to the unlicensed AP 110 and the user terminal 120. [

If the unauthorized AP 110 is operating in a network environment based on IEEE 802.11, blocking for the user terminal 120 can be performed only by the above primary blocking operation. However, if the unauthorized AP 110 is operating in a network environment based on IEEE 802.11w, the unauthorized AP detection sensor 100 does not know the MIC, so that the above primary blocking operation has no effect.

Accordingly, when the connection between the user terminal 120 and the unlicensed AP 110 is not blocked by the blocking frame, the unauthorized AP detection sensor 100 firstly transmits a blocking request including the information of the unauthorized AP 110 To the management server (200).

The management server 200 checks whether the unauthorized AP 110 is a normal AP, and transmits a blocking request to the blocking server 300 when the unauthorized AP 110 is not a normal AP.

Specifically, the management server 200 compares the normal AP list (i.e., white list), which is a list of the stored normal AP information, with the received unlicensed AP 110 information, and transmits the unauthorized AP 110 information to the normal AP list If it is not included, the blocking server 300 may transmit a blocking request including the unauthorized AP 110 information.

The blocking server 300 receives the blocking request and identifies the unauthorized AP 110 based on the information of the unlicensed AP 110 included in the blocking request. The blocking server 300 then performs an attack to stop the service function of the identified unauthorized AP 110 to block the connection between the user terminal 120 connected to the identified unauthorized AP 110 and the unauthorized AP 110 do.

The attack performed by the blocking server 300 may include a Denial of Service (DoS) attack. A DoS attack is an attack that attempts to maliciously attack a target system (or server), causing the target system to run out of resources and not use it for its intended purpose. An attack such as making many attempts to connect to the target server to prevent other users from using the service normally, or to drop the TCP connection of the target server may be included in the scope of the DoS attack. A DoS attack usually results in a temporary or indefinite disruption or interruption of the functionality of an Internet site or service.

The type of the DoS attack of the blocking server 300 may include exhausting the computational resources of the unauthorized AP 110, disturbing the configuration information or state information, disturbing the physical network element, or communicating with the user terminal 120 It may be performed in a manner of blocking the medium. In addition, the DoS attack of the blocking server 300 may cause the processor of the unauthorized AP 110 to be busy, thereby preventing the user from performing any operation, causing an error in the microcode, or causing an error in the execution of the sequential command to cause the computer to become unstable The connection between the unlicensed AP 110 and the user terminal 120 connected to the unauthorized AP 110 can be blocked.

On the other hand, when a plurality of blocking servers 300 are provided or when the blocking server 300 controls a plurality of lower terminals or servers, an attack such as distributed denial of service (DoS) or DDoS / .

Then, the blocking server 300 generates attack result information and transmits the attack result information to the management server 200 after the attack on the unauthorized AP 110. [ The management server 200 transmits the attack result information to the unauthorized AP detection sensor 100.

As a further embodiment, when the unauthorized AP detection sensor 100 detects the unauthorized AP 110 having the same information in a case where the attack result information includes the content of the attack success, the unauthorized AP detection sensor 100 detects the non- It is possible to perform the secondary blocking operation immediately without performing the secondary blocking operation.

Next, referring to FIG. 3, an unauthorized AP 110 blocking method according to an embodiment of the present invention will be described in detail.

The following method is performed by the unauthorized AP 110 blocking system, so that even if there is a content omitted below, it is replaced with the above description.

First, the unauthorized AP detection sensor 100 detects an unauthorized AP 110 in the network (S101).

Then, the unauthorized AP 110 performs an IEEE 802.11-based blocking operation (S102). Specifically, the unauthorized AP 110 and the user terminal 120 connected thereto can be acquired to generate a blocking frame, which can be transmitted to the unauthorized AP 110 and the user terminal 120.

The unauthorized AP detection sensor 100 checks whether the blocking between the unauthorized AP 110 and the user terminal 120 is completed by the blocking operation in S102 (S103).

If the blocking is not completed, it is considered that the unlicensed AP 110 is using a network environment other than the IEEE 802.11 network environment, so that the unauthorized AP 110 transmits a blocking request to the management server 200 (S104).

 The management server 200 refers to the unauthorized AP 110 information included in the unauthorized AP 110 blocking request and compares it with the normal AP list (S105).

If the unauthorized AP 110 information is not included in the normal AP list, the interception server 300 transmits a blocking request including the unauthorized AP 110 information (S106).

The blocking server 300 performs a DoS attack against the unauthorized AP 110 requested to be blocked (S107), and may generate attack result information and transmit it to the management server 200 (S108).

The management server 200 may transmit the received attack result information to the unauthorized AP detection sensor 100 to complete the unauthorized AP 110 shutdown process operating on the IEEE 802.11w network environment.

One embodiment of the present invention may also be embodied in the form of a recording medium including instructions executable by a computer, such as program modules, being executed by a computer. Computer readable media can be any available media that can be accessed by a computer and includes both volatile and nonvolatile media, removable and non-removable media. In addition, the computer-readable medium may include both computer storage media and communication media. Computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Communication media typically includes any information delivery media, including computer readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave, or other transport mechanism.

While the methods and systems of the present invention have been described in connection with specific embodiments, some or all of those elements or operations may be implemented using a computer system having a general purpose hardware architecture.

It will be understood by those skilled in the art that the foregoing description of the present invention is for illustrative purposes only and that those of ordinary skill in the art can readily understand that various changes and modifications may be made without departing from the spirit or essential characteristics of the present invention. will be. It is therefore to be understood that the above-described embodiments are illustrative in all aspects and not restrictive. For example, each component described as a single entity may be distributed and implemented, and components described as being distributed may also be implemented in a combined form.

The scope of the present invention is defined by the appended claims rather than the detailed description and all changes or modifications derived from the meaning and scope of the claims and their equivalents are to be construed as being included within the scope of the present invention do.

100: Unauthorized AP detection sensor 110: Unauthorized AP
120: user terminal 200: management server
300: Blocking server

Claims (11)

In an unauthorized access point (AP) blocking system operating on a network based on the IEEE 802.11w standard method,
An unauthorized AP detection sensor for detecting an unauthorized AP in the assigned network and transmitting the detected unauthorized AP information; And
A management server for comparing the stored normal AP list with the received unauthorized AP information and transmitting the unauthorized AP information to the blocking server when the unauthorized AP information is not included in the normal AP list; And
Detects unauthorized APs based on information of the unlicensed AP transmitted from the unauthorized AP detection sensor, and determines a service function of the identified unauthorized AP so that connection between a user terminal connected to the identified unauthorized AP and the unlicensed AP is blocked And a blocking server for performing an attack for stopping the network,
The unattended AP detection sensor includes:
And transmits a blocking frame for blocking a connection between a user terminal connected to the unlicensed AP and the unlicensed AP to the user terminal and the unlicensed AP when the unauthorized AP is detected, If the connection between the unauthorized AP and the unauthorized AP is not blocked, transmits a blocking request including information of the unauthorized AP to the management server,
The management server transmits the blocking request to the blocking server when the unauthorized AP is not a normal AP according to the blocking request,
Wherein the blocking server stops a service function of the unlicensed AP through a DoS (Denial of Service) attack.
delete The method according to claim 1,
The shielding frame includes:
And is an IEEE 802.11 standard method based frame. The method according to claim 1,
The shielding frame includes:
Wherein the unauthorized AP is a frame generated based on a MAC address of the unauthorized AP and a user terminal connected to the unauthorized AP, the disassociation information, and the deauthentication information. delete delete delete The method according to claim 1,
The shutdown server,
Generates attack result information after an attack on the unauthorized AP, and transmits the attack result information to be received by the unauthorized AP detection sensor. delete An unauthorized AP blocking method performed by an unauthorized AP (Access Point) blocking system operating on a network based on the IEEE 802.11w standard method,
The unauthorized AP detection sensor detects an unauthorized AP in the network assigned to the unauthorized AP detection sensor and transmits a blocking frame for blocking the connection between the user terminal connected to the unauthorized AP and the unauthorized AP, Transmitting a blocking request including information of the unauthorized AP to the management server when the connection between the user terminal and the unauthorized AP is not blocked by the blocking frame;
The management server compares the previously stored unlisted AP information with the previously stored unlisted AP information according to the blocking request and if the unapplied AP information is not included in the normal AP list, Transmitting; And
The blocking server identifies the unlicensed AP based on the information of the unlicensed AP transmitted from the unauthorized AP detection sensor and identifies the unauthorized AP so that the connection between the user terminal connected to the identified unauthorized AP and the unlicensed AP is blocked, And performing a DoS (Denial of Service) attack to stop the service function of the unauthorized AP. delete
KR1020160013495A 2015-12-09 2016-02-03 Method and system for preventing rogue access point KR101747144B1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR20150174816 2015-12-09
KR1020150174816 2015-12-09

Publications (1)

Publication Number Publication Date
KR101747144B1 true KR101747144B1 (en) 2017-06-14

Family

ID=59217920

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020160013495A KR101747144B1 (en) 2015-12-09 2016-02-03 Method and system for preventing rogue access point

Country Status (1)

Country Link
KR (1) KR101747144B1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102102835B1 (en) * 2019-03-26 2020-04-22 시큐어레터 주식회사 Wips sensor
KR102321683B1 (en) * 2020-07-10 2021-11-04 (주)노르마 Method and apparatus capable of selectively blocking unauthorized bluetooth device

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
권혁찬, "차세대 무선랜 보안 기술", http://www.concert.or.kr/suf2015/, 2015.11.30*
노병규 외 3인, ‘차세대 무선랜 보안 기술동향 및 이슈’, PM Issue Report 2013, 제3권 이슈3, 한국방송통신전파진흥원, 2013.*
비특허문헌 - 구글(비인가 Rogue AP disassociation deauthentication 802.11w)
정수환, "사설 무선랜 보안 위협 및 대응 방안", 2007.09.*

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102102835B1 (en) * 2019-03-26 2020-04-22 시큐어레터 주식회사 Wips sensor
KR102321683B1 (en) * 2020-07-10 2021-11-04 (주)노르마 Method and apparatus capable of selectively blocking unauthorized bluetooth device

Similar Documents

Publication Publication Date Title
US8726338B2 (en) Dynamic threat protection in mobile networks
US8997201B2 (en) Integrity monitoring to detect changes at network device for use in secure network access
US9055090B2 (en) Network based device security and controls
KR101501669B1 (en) Behavior detection system for detecting abnormal behavior
US10834596B2 (en) Method for blocking connection in wireless intrusion prevention system and device therefor
US9503463B2 (en) Detection of threats to networks, based on geographic location
JP5682083B2 (en) Suspicious wireless access point detection
US10542020B2 (en) Home network intrusion detection and prevention system and method
US20070005987A1 (en) Wireless detection and/or containment of compromised electronic devices in multiple power states
US9426161B2 (en) Device-based authentication for secure online access
US9124617B2 (en) Social network protection system
US20190387408A1 (en) Wireless access node detecting method, wireless network detecting system and server
EP3395102B1 (en) Network management
WO2008001972A1 (en) Method for proactively preventing wireless attacks and apparatus thereof
US20230232230A1 (en) Zero Trust Wireless Monitoring - System and Method for Behavior Based Monitoring of Radio Frequency Environments
JP2010263310A (en) Wireless communication device, wireless communication monitoring system, wireless communication method, and program
US11336621B2 (en) WiFiwall
KR101747144B1 (en) Method and system for preventing rogue access point
US9100429B2 (en) Apparatus for analyzing vulnerability of wireless local area network
Kim et al. A technical survey on methods for detecting rogue access points
US20230007018A1 (en) Dynamic multi-network security controls
Nair et al. Intrusion detection in Bluetooth enabled mobile phones
KR102366574B1 (en) Wireless Intrusion Prevention Methods
EP2899940B1 (en) Connection method for secure connecting of a mobile device system to a network
Korolkov et al. Analysis of the wireless clients security from dos attacks

Legal Events

Date Code Title Description
E701 Decision to grant or registration of patent right
GRNT Written decision to grant